Lucene search
FortinetCVELIST:CVE-2020-29015HistoryJan 14, 2021 - 4:07 p.m.
CVE-2020-29015
2021-01-1416:07:20
fortinet
www.cve.org
8
fortiweb
sql injection
vulnerability
remote attacker
authorization header
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
CNA Affected
[
{
"product": "Fortinet FortiWeb",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4"
}
]
}
]References
Related
nvd
nvd
CVE-2020-29015
2021-01-14 16:15:17
cve
cve
CVE-2020-29015
2021-01-14 16:15:17
prion
prion
Sql injection
2021-01-14 16:15:00
fortinet
fortinet
FortiWeb is vulnerable to a blind SQL injection
2021-01-04 00:00:00
seebug
seebug
Fortinet FortiWeb 授权命令注入漏洞(CVE-2021-22123)
2021-08-19 00:00:00
rapid7blog
rapid7blog
Fortinet FortiWeb OS Command Injection
2021-08-17 13:58:19
threatpost
threatpost
Unpatched Fortinet Bug Allows Firewall Takeovers
2021-08-18 12:07:33
thn
thn
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
2021-08-18 03:41:00